Federal Information Processing Standards
The US government produces technical advice on IT systems and security, including data encryption. The National Institute for Standards and Technology (NIST) is an important body concerned with IT systems and security. NIST produces recommendations and standards, including the Federal Information Processing Standards (FIPS).
Over time, analysts develop attacks against existing encryption and hashing algorithms. New algorithms are adopted to resist those attacks. The Federal Information Processing Standards are periodically updated to take account of these changes.
![[z/OS]](ngzos.gif)
FIPS 140-3 cryptography is not supported on z/OS®.
![[AIX, Linux, Windows]](../common/../secure/ngalw.gif)
On AIX®, Linux® s390x, and Windows,
IBM® MQ provides FIPS 140-2 compliance through the GSKit 8
IBM Crypto for C (ICC) cryptographic module. The certificate for
this module has been moved to the Historical status. Customers should view the IBM Crypto for C (ICC)
certificate and be aware of any advice provided by NIST. ![[MQ 9.4.4 Oct 2025]](../common/../secure/ng944.gif)
![[Linux]](../common/../secure/nglinux.gif)
From
IBM MQ 9.4.4, on Linux for x86-64 and Linux on Power® Systems - Little Endian, IBM MQ
provides FIPS 140-3 compliance through the GSKit 9
IBM Crypto for C (ICC) cryptographic module. The NIST certification
associated with the FIPS 140-3 module can be viewed at
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755.![[MQ 9.4.5 Feb 2026]](../common/../secure/ng945.gif)
![[AIX]](../common/../secure/ngaix.gif)
From IBM MQ 9.4.5 on AIX,
GSKit has been updated to version 9. GSKit 9 increases the standard for FIPS compliance from FIPS 140-2 to FIPS 140-3. IBM MQ
provides FIPS 140-3 compliance through the IBM Crypto for C (ICC) cryptographic module (64 bit only). Note: Other platforms such as Windows and Linux s390x remain at GSKit 8 and FIPS 140-2 level.![[MQ 9.4.2 Feb 2025]](../common/../secure/ng942.gif)
The FIPS 140-3 cryptographic
module within IBM Semeru Runtime was approved by NIST in
August 2024. IBM MQ 9.4.2 adds support for the handling of
IBM MQ classes for JMS and IBM MQ classes for Java client connections using TLS for FIPS 140-3 in Java 8 and IBM Semeru Runtime 11+. The NIST certification associated with the
FIPS 140-3 module can be viewed at https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755. The FIPS 140-2
provider is still the default profile. IBM MQ 9.4.2 does not
change the default behavior but does allow you to configure connections with FIPS 140-3.- For IBM MQ in Containers, the IBM MQ Operator 3.2.0 and queue manager container image 9.4.0.0 onwards are based
on UBI 9. FIPS 140-3 compliance for IBM MQ in Containers is currently
pending.If FIPS is enabled, IBM MQ in Container control processes use a FIPS 140-3 Certified OpenSSL Module. Details of the NIST
certification can be viewed at: https://access.redhat.com/compliance/fips. IBM MQ queue managers running in container images have the same FIPS certification level as the base image platform
version of IBM MQ.